class UsersController < ApplicationController
  before_filter :admin_required

  layout 'standard'

  def index
    @users = User.find(:all)
  end

  def show
    @user = User.find(params[:id])
  end
  

  # render new.rhtml
  def new
  end


  def update
    @user = User.find(params[:id])
    @user.update_attributes(params[:user])
    
    if @user.errors.empty?
      # self.current_user = @user
      redirect_to :action => 'index'
    else
      @user.errors.each_full do |e|
        flash[:error] = e
      end
      render :action => 'show'
    end
  end

  def create
    cookies.delete :auth_token
    # protects against session fixation attacks, wreaks havoc with 
    # request forgery protection.
    # uncomment at your own risk
    # reset_session
    @user = User.new(params[:user])
    @user.save

    if @user.errors.empty?
      # self.current_user = @user
      redirect_to :action => 'index'
    else
      @user.errors.each_full do |e|
        flash[:error] = e
      end
      render :action => 'new'
    end
  end

  def destroy
    @user = User.find(params[:id])
    @user.destroy

    redirect_to :action => 'index'
  end
end

